Skip to content
Satchel

Security at Satchel

You’re trusting us with clinician credential records and compliance workflow data. This page describes the controls currently available and the safeguards we confirm before handling sensitive documents.

Encrypted transport

Application traffic is transmitted over encrypted HTTPS connections. Before a pilot involving sensitive documents, we confirm the storage and retention approach for that deployment.

Least-privilege access

Access to customer data is restricted to the personnel who need it to deliver the service, with role-based controls.

Decision history

Uploads, manual verification events, record edits, and staffing actions are timestamped to help your team explain what happened and when.

HIPAA scope & safeguards

HIPAA applicability depends on the customer relationship and the data involved. If Satchel will create, receive, maintain, or transmit PHI as a business associate, the required BAA and applicable safeguards must be in place before that PHI is processed.

Pilot-ready controls

Tenant isolation, role-based permissions, signed sessions, and authentication rate limits are built into the application. Enterprise requirements are scoped before rollout.

Responsible disclosure

Found a vulnerability? Email hello@satchelhub.com and we will respond promptly. We appreciate coordinated disclosure.

Security requirements, reviewed together

We’ll review your security, data-handling, and vendor requirements before rollout so the deployment scope is clear for both teams.

Talk to us about security